Tech Giants, DoJ Reach Agreement on Spy Request Reporting

The U.S. Department of Justice (DoJ) has agreed to grant communications service providers a bit more leeway in disclosing information about secret information disclosure orders from federal agencies.

The DoJ on Monday announced an agreement (PDF) allowing service providers to disclose bulk numbers of orders they receive from the secret Foreign Intelligence Surveillance Court (FISC), although the reporting requirements are highly nuanced and restricted. In return, the service providers that had filed complaints -- Microsoft, Facebook, Google, LinkedIn and Yahoo -- all agreed to drop their complaints about the FISC reporting restrictions (PDF).

In October, the DoJ had rejected the companies' petitions to be permitted to disclose more information about the secret court orders they receive. The DoJ claimed at that time that the specific number of FISC requests was classified as "secret" information per the executive branch. The DoJ had also contended that the First Amendment of the U.S. Constitution didn't give the companies the right to disclose that information.

That position has now loosed up a little, per Obama's direction, according to a prepared statement attributed to Attorney General Eric Holder and Director of National Intelligence James Clapper.

This action was directed by the President earlier this month in his speech on intelligence reforms. While this aggregate data was properly classified until today, the office of the Director of National Intelligence, in consultation with other departments and agencies, has determined that the public interest in disclosing this information now outweighs the national security concerns that required its classification.

President Barack Obama's Jan. 17 speech noted that "concerns of American companies" should be taken into account, along with "privacy and basic liberties." He said that he had asked the attorney general and the director of national intelligence to "institute reforms that place additional restrictions on government's ability to retain, search, and use in criminal cases communications between Americans and foreign citizens incidentally collected under Section 702." He also suggested that the government could be more transparent on its secret National Security Letters issued by the FBI, which are a way to obtain information without a court order. He ambiguously called for an end to the "Section 215 bulk metadata program as it currently exists."

The ability of service providers to disclose FISC requests in bulk numbers was not spelled out in Obama's January speech. However, the DoJ did issue a letter (PDF) specifying the conditions. It appears that service providers can only disclose FISC requests in bulk in increments of 1,000s. So, the service providers will report "0 to 999" if the number of requests was somewhere less than 1,000 requests. At best, this is a mild reform since the DoJ had allowed such reporting once before in the past.

The reporting is also subject to restrictions if a company is the subject of an FISC order for the first time, which is called a "new capability order." In that case, the information isn't permitted to be released for two years.

The service providers have two options to report aggregate data, as described in the DoJ's letter. However, neither option seems to allow the service providers to disclose the individual's name or the name of the company targeted by the FISC order.

In response to the DoJ's announcements, Microsoft issued a statement today calling the DoJ's announcements a "very positive step."

We filed our lawsuits because we believe that the public has a right to know about the volume and types of national security requests we receive. We're pleased the Department of Justice has agreed that we and other providers can disclose this information. While this is a very positive step, we'll continue to encourage Congress to take additional steps to address all of the reforms we believe are needed.

However, very little has changed. People or organizations still don't know that their information is being collected secretly by the U.S. government. In addition, the scale of those snooping requests will get a bulk number, but the exact figure apparently won't be known.

Microsoft's earlier complaints had suggested that governmental authority to collect private user data should be limited. However, no such restrictions were specified in the DoJ's letter issued on Monday, or in Obama's January speech.